CVE-2024-37139 — Improper Control of a Resource Through its Lifetime in Dell Powerprotect DD

CWE-664 — Improper Control of a Resource Through its Lifetime3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

1.2%

top 20.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerprotect DD Dell Data Domain Operating System

Timeline

PublishedJun 26

Description

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/powerprotect_ddN/A — 5.16.0.0+2

▶NVDdell/data_domain_operating_system7.8.0.0 — 7.10.1.30+2

🔴Vulnerability Details

GHSA

GHSA-554f-g6vm-mg6x: Dell PowerProtect DD, versions prior to 8↗2024-06-26

▶

CVEList

CVE-2024-37139: Dell PowerProtect DD, versions prior to 8↗2024-06-26

▶